Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Cisco released its 2018 Annual Cybersecurity Report (ACR) on Feb. 21, revealing insights from its own efforts, as well as a survey of 3,600 Chief Information Security Officers (CISOs).

Among the high-level findings in the 68-page report is that 39 percent of organizations stated they rely on automation for their cyber-security efforts. Additionally, according to Cisco's analysis of over 400,000 malicious binary files, approximately 70 percent made use of some form of encryption. Cisco also found that attackers are increasingly evading defender sandboxes with sophisticated techniques.

"I'm not surprised attackers are going after supply chain, using cryptography and evading sandboxed environments, we've seen all these things coming for a long time," Martin Roesch, Chief Architect in the Security Business Group at Cisco, told eWEEK. "I've been doing this for so long, it's pretty hard for me to be surprised at this point."

Further reading

Roesch did note however that he was pleasantly surprised that so many organizations are now relying on automation, as well as machine learning and artificial intelligence, for their cyber-security operations.

"If you want to make use of a lot of security data quickly, you have to make use of a fair amount of automation," Roesch said.

Roesch also noted that the ACR highlights the fact that organizations are using more cyber-security products from more vendors than ever before. In 2017, 25 percent respondents reported that they used cyber-security technologies from 11 to 20 vendors, up from 18 percent in 2016.

Exposed Systems

Among the different types of security concerns analyzed in the ACR is the issue of exposed development systems. Franc Artes, Architect, in the Security Business Group at Cisco said that DevOps servers including MongoDB, CouchDB, Memcache and Elasticsearch were left wide open by organizations in 2017, enabling potential attackers to easily extract information.

"We see that DevOps organizations are building quickly, but while they are scaling they are not unfortunately making sure they have hardened their systems," Artes said.

Cisco's ACR also examined the issue of cyber-security alerts and how organizations respond to them. Cisco found that 93 percent of organizations had at least one security alert in 2017, though only 56 percent of alerts were actually investigated. Looking at the alerts that were investigated, Cisco reported that only 34 percent were considered to be legitimate.

Getting alerts is one thing, while actually being able to detect real threats is another. A key metric that Cisco tracks for itself is the time to detection (TTD) for threats. In 2016, Cisco reported that its annual median TTD for new threats was 14 hours. That figured improved significantly in 2017, dropping down to 4.6 hours.

"We're very focussed on our time to detect malware with our technology," Artes said.

Correspondingly Artes said that there was a 10x increase in the number of observed threat samples in 2017 over 2016. As it turns out, the higher volume of threat samples has actually helped to improve the TDD as the increased data volume have allowed Cisco's cloud-based technologies to learn faster.

Recommendations for Improved Security

There are a number of different things that organizations can do to improve cyber-security, including regular patching to mitigate known threats. Artes said that organizations need to get the basic "blocking and tackling" of cyber-security in place, which includes patching, to form a basis for risk mitigation.

Artes noted that Cisco also recommends that organizations review and practice security response procedures. Testing restoration procedures as well as regular data backups are also good security best practices. Overall, Cisco's advice is for organizations to be more prepared for security incidents before they happen with proper testing and policies.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.